aPI Standardization Industry group - ALLIANCE - NACHA

API Standardization Industry Group Inaugural Meeting Summary Report May 2017 Background Application Programming Interfaces (APIs) enable secure and controlled communications between software applications. As such, they can help improve the safety, efficiency and speed of communications. Despite the obvious benefits of APIs, adoption --particularly within the U.S. financial services industry — has been slow. APIs are not new, and many financial institutions and other industry stakeholders have been using them to support business goals for years, but mass adoption has not been achieved. So the question remains…Why? Some surveys point to a lack of information available to make an adequate cost-benefit analysis, a lack of information about the technologies themselves, or a lack of leadership commitment.1 Although these themes may play a role in why API adoption is not progressing more rapidly, at NACHA-The Electronic Payments Association, we believe that a lack of standardization also plays a significant role. Even the API industry recognizes the need for standardization. In fact, a quarter of developers cite standardization as the biggest challenge they would like to see the API industry solve in the coming years.2 For financial services and payments, API standardization can be transformational. Through standardized APIs, organizations can help improve the safety and transparency of transactions, automate processes and communications, enhance support of payments innovations, and more. To support advancement of API standardization, NACHA formed the API Standardization Industry Group. Composed of leaders from diverse segments of the financial services industry, the Group has been tasked with developing an “API Playbook.” The Playbook will serve as a tool to assist financial institutions, businesses, fintechs and other industry stakeholders with the creation of a standardized API ecosystem that can enhance support of the payments and business needs of industry participants.

Inaugural Meeting of the API Standardization Industry Group The API Standardization Industry Group convened at NACHA’s offices May 17-18, 2017, for its first formal meeting. Forty individuals representing 33 companies met to identify and prioritize the API use cases the Group will explore and outline potential components of the “API Playbook.” Additionally, the Group discussed key considerations to help support industry adoption to ensure success.

API Use Cases Within financial services, there are a number of pain points that APIs could solve for, from legacy system integration issues to straight-through processing hurdles. During its meeting, the API Standardization Industry Group identified a number of use cases to explore that will address/solve some of the common financial services/payments pain points. The use cases were ultimately separated into eight broad categories. 1. Payment Access – This could include APIs to support the interconnectivity of the various real-time payments systems that will soon become operational; APIs to support ACH payments origination; and others. 2. Fraud/Risk Reduction – This could include APIs to enable the secure and confidential transfer of payments; APIs that could confirm the identity/validity of the payee/payor of a transaction; and more. 3. Data Sharing – This could include APIs that would allow for single sign on across multiple platforms/systems; APIs that would allow for a one-stop source for information about an account/payee/payor; and more. 4. Directories/Registries – This could include APIs that would make paying someone as simple as providing an email address; APIs that would support business-to-business payment enablement; and more. 5. Portability – This could include APIs that would make it easier for consumers and businesses to open new accounts or better manage multiple banking relationships. 6. Enabling Services for the Unbanked/Underbanked – This could include APIs that would make payments and transacting for those without a demand deposit account as easy as those with an account, and more. 7. Ubiquity - This could include APIs that help narrow the payment system functionality gap between large and small entities and allow for greater innovation by the ability to reach all financial institutions through standardized APIs. 8. Coordination of other API efforts – This would include the identification of other standards organizations and groups exploring or developing similar API efforts and coordinating those efforts to minimize duplication and prevent industry confusion. The Group preliminarily identified Payment Access, Fraud/Risk Reduction, and Data Sharing as the top three categories of use cases to solve for by leveraging API standardization.

API Playbook The main purpose of the API Standardization Industry Group is to develop an “API Playbook.” The Playbook will serve as a guiding document for the financial services industry, outlining the value of API standardization, the opportunities and benefits of adoption, and providing the use cases and actual APIs, as well as the governance and standards to support adoption, consistency and security. During the May meeting, the Group outlined the main components to be included in the Playbook. Although not exhaustive, the list serves as a starting point to guide development and decision-making as the group moves forward. • Vision: An overview of what the Playbook is and the importance of and opportunities provided by API standardization, and the value proposition/business case for API standardization and adoption • Governance: Information around service and usage guidelines, along with participant roles and responsibilities • API Library: Specific use cases and corresponding APIs • Tech Standards: Resources on formats and API specifications • Security: Information on provisioning, permissions, and minimum requirements and standards • Communications: Updates and information about the API standardization effort and educational resources • Legal: The terms of use and any necessary disclaimers • Delivery Channel: Information on how to use the Playbook and resources for feedback and testing • Contributors and Users: A directory of those that contributed to development of the Playbook and users of the Playbook • Glossary: A listing of important terms, both business and technical

Considerations Even with development of an “API Playbook,” which would provide the standardized API ecosystem for the industry, success cannot be proclaimed until there is adoption by the critical mass. And there are many factors to consider related to adoption and use and how to achieve it. The Group raised a number of challenging questions/issues and debated their positions around those matters. • Will there be regulation around APIs? Will regulation force adoption? • Can we achieve true interoperability with API standardization? • Does standardization impact competition? Will that hinder adoption? • How does the Playbook remain relevant and address the ever-evolving needs of the financial services industry? • Are there areas where standardization is not necessary? • What are the security aspects that must be considered? What are the minimum security requirements? How can we ensure the security of any API ecosystem?

• How do we communicate about and provide education around the initiative? To whom should we be communicating? Which communication channels will be most effective? Although no definitive view or stance on these topics was established during the meeting, the significance of these topics was clear and potential implications are being weighed and considered as the Group advances its efforts.

The work of the API Standardization Industry Group is just beginning. The foundation has been set and the Group will continue building on that foundation until the API Playbook is complete and ready for release to the industry. Until that time, the API Standardization Industry Group will seek to provide regular updates to keep the industry abreast of its progress and to solicit feedback. In this way, the Group can ensure its efforts deliver the transformational evolution that API standardization can bring to the financial services industry.

Meeting Participants Actum Processing

Fiserv

The Clearing House

ADP

FRB Chicago

Transactis

Bank of America Merrill Lynch

Intuit

Treasury Software

BB&T

Jack Henry & Associates

Tyfone

BillingTree

J.P. Morgan

UMB Bank

CEDAR Document Technologies

linked2pay

U.S. Bank

CFPB

MicroBilt

Visa

D3 Technology, Inc.

mSHIFT, Inc.

Dovetail

NACHA

Early Warning Services

Navy Federal Credit Union

EPCOR

NEACH

First Data

PLAID

FIS

QCHEQUE

API Standardization Industry Group Leadership Team Michael Benoit Executive Director J.P. Morgan David Chance SVP, Product Strategy Dovetail Kelly Blankenship Director, Compliance & Ethics DXC Technology Annmarie Corrigan Director, Business Risk First Data Andrew Bubbs, AAP Senior Product Manager Fiserv Lisa Gawlak Vice President, Product Management Transactis, Inc.

Millicent Calinog SVP, Treasury Management API Product Manager Wells Fargo John Hickman Managing Director Capco Ritesh R. Kirad SVP, Senior Apps Manager Bank of America Merrill Lynch Shoaib Shafquat President & Founder QCHEQUE Randall Lade Vice President U.S. Bank Sarah Shatila Senior Director, Enterprise Digital Strategy FIS

Upcoming API Standardization Industry Group Meetings August 24, 2017 Federal Reserve Bank Atlanta Atlanta, GA

October 11, 2017 Westin New York at Times Square New York City, NY

For More Information For more information about the API Standardization Group or to join, visit www.nacha.org/api-standardization-industry-group.

Contact Kathy Levin Senior Director Payments Product Manager, Network Development NACHA–The Electronic Payments Association P. 703-561-3929 • E. [email protected]

Christina McGeorge Vice President, Product Ownership D3 Technology, Inc. Eric Showen Business Development PLAID Scott Moeller Chairman and Chief Executive Officer mSHIFT, Inc. Don Wilcox Senior Platform Development Manager BillingTree Alex Yang Director Bank of America Merrill Lynch Charles Youakim CEO Sezzle

About the API Standardization Industry Group In recognition of the importance of API standardization for the U.S. financial services industry, NACHA formed the API Standardization Group in the spring of 2017. The Group is made up of leaders from financial institutions, fintechs, businesses, service providers, standards organizations and others, all of whom have a desire to further efforts to standardize the use of APIs in the U.S. The API Standardization Industry Group is sponsored by NACHA’s Payments Innovation Alliance.

About NACHA’s Payments Innovation Alliance The Payments Innovation Alliance, a program of NACHA, brings together diverse, global stakeholders to support payments innovation, collaboration, and results through discussion, debate, education, networking, and special projects that support the ACH Network and the payments industry worldwide. By organizing content and focus across all payment areas, including emerging payment technologies, electronic billing and presentment, mobile, payment security/risk, check conversion and global payments, the Alliance seeks to grow and advance payments and payments technology to better meet and serve the needs of the evolving industry. For more information and to learn how to join, visit www.nacha.org/payments-innovation-alliance.

About NACHA – The Electronic Payments Association Since 1974, NACHA - The Electronic Payments Association has served as trustee of the ACH Network, managing the development, administration and rules for the payment network that universally connects all 11,000 financial institutions in the U.S by moving money and information directly from one bank account to another. In 2016, there were 25 billion ACH payments made that moved $43 trillion. Through its collaborative, self-governing model, education, and inclusive engagement of ACH Network participants, NACHA facilitates the expansion and diversification of electronic payments, supporting Direct Deposit and Direct Payment via ACH transactions, including ACH credit and debit payments, recurring and one-time payments; government, consumer and business transactions; international payments, and payments plus payment-related information. Through NACHA’s expertise and leadership, the ACH Network is now one of the largest, safest, and most reliable systems in the world, creating value and enabling innovation for all participants. Visit nacha.org for more information. 1

https://www.finextra.com/pressarticle/68760/payments-professionals-uncertain-about-implementation-of-new-technologies/retail

2

https://smartbear.com/SmartBear/media/ebooks/State-of-API-Report-2016.pdf